[20097] in bugtraq
Re: A subject line buffer overflow in Outlook Express (was Re:
daemon@ATHENA.MIT.EDU (Daniel Naber)
Mon Apr 9 05:00:45 2001
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Message-ID: <200104062131.f36LVPo07826@pluto.gt.owl.de>
Date: Fri, 6 Apr 2001 23:31:25 +0200
Reply-To: Daniel Naber <daniel.naber@T-ONLINE.DE>
From: Daniel Naber <daniel.naber@T-ONLINE.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <013701c0be4c$1cd22560$220a400a@officeeagle>
Content-Transfer-Encoding: 8bit
On Friday 06 April 2001 05:35, you wrote:
> line buffer of Outlook Express, versions 5.0.x.x and 5.50.x.x. This
> overflow is exploitable (in the latter version) with the same EML
> content spoofing being discussed in the previous thread.
Regarding buffer overflows: The KMail team offers a test mail folder that
tries to trigger several bugs and buffer overflows. From the web page:
-- quote ---
Mail client test file v0.5 (55kb): This mbox file triggers some bugs and
has very long field values to trigger buffer overflows. You may use this
to find possible security problems - not only in KMail, but in any mail
client that supports mbox folders. Just copy this file to ~/Mail/ and
start KMail.
-- /quote ---
You can get the file from http://kmail.kde.org/mail-client-QA.gz
Of course the file is not "complete", you cannot use it the prove the
security of a mail client. If you have additions (e.g. mails that trigger
bugs) send them to me and I will include them in the test file.
Regards
Daniel
--
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Guetersloh, Germany
